Wednesday, August 26, 2015

Which are the most vulnerable to Android's Certifi-gate flaw? – Pplware

New data has just been published on the scope, operation and mitigation of this new threat, which affects millions of Android devices around the world.

Three weeks ago, the mobile research team at Check Point, the world's largest manufacturer specializing in security, revealed a new vulnerability in Android, Certifi-gate, which affected millions of devices.


At that time, a free checking app was made available to users, which let them find out whether a device was vulnerable to this threat. Thanks to information collected anonymously through this app, which has already received about 100,000 downloads, the following information is made public today:

  • At least 3 of the devices analyzed had been actively exploited.
  • 15.8% of the devices already had a vulnerable plug-in installed (any malicious application could take control of the device by exploiting this plug-in).
  • By brand, devices manufactured by LG were the most vulnerable, followed by Samsung and HTC.

“Recordable Activator” is the name of the ‘exploitable’ application available on Google Play that was present on many of the analyzed devices. This application, developed by a British company, had registered between 100,000 and 500,000 downloads. The app allows the vulnerability to be exploited, bypassing the Android permission model to use the TeamViewer plug-in, access system resources and capture the device screen.

This application shows that:

  • 1. Unprivileged applications can take advantage of a vulnerability to take control of the device without having to ask Android for permission.
  • 2. TeamViewer has already fixed the official version of the plug-in, but cybercriminals can still use previous versions of this plug-in to carry out malicious acts.
  • 3. The vulnerability could be “exploited” even if you have a vulnerable plug-in pre-installed.
  • 4. Applications able to exploit these vulnerabilities can currently be found on Google Play.
  • 5. The only solution is for manufacturers to develop updated ROMs for the affected devices.

Check Point has already contacted both TeamViewer and Google to inform them about the “Recordable Activator” application. TeamViewer said that the way this app uses its plug-in is a violation of the use of its code and that it does not allow any third party to use it. Google, for its part, said that it is investigating the matter, but has not yet removed the application from Google Play.
